Using Ansible playbooks

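Playbooks are the basis for a simple configuration management and multi-machine deployment system. They differ from other existing systems and are well suited to deploying complex applications.

A playbook lets you customize configuration and run steps in a specified order, and it supports both synchronous and asynchronous execution.

Official examples: https://github.com/ansible/ansible-examples

Playbooks can be used to declare configuration. More powerfully, a playbook can orchestrate an ordered execution process, even running specifically designated steps back and forth in order across several groups of machines, and it can launch tasks synchronously or asynchronously.

ansible-playbook command options:
-u REMOTE_USER: manually specify the system user that runs the playbook on the remote host;
--syntax-check: check the playbook's syntax;
--list-hosts: list the hosts the playbook matches;
-T TIMEOUT: define the timeout for playbook execution;
--step: run one task at a time, step by step, which makes it easy to confirm each step.

Example: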
[root@localhost ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg
├── group_vars
│   ├── all
│   └── t3
├── hosts
├── roles
│   └── nginx
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           ├── default_proxy_params.conf
│           ├── new.conf
│           ├── nginx.conf
│           ├── static_proxy_params.conf
│           ├── upstream.conf
│           ├── vhost.conf
│           ├── vhost_ssl.conf
│           └── websocket_proxy_params.conf
├── site.retry
└── site.yml
[root@localhost ~]# cat /etc/ansible/hosts
[all:vars]
ansible_ssh_private_key_file=/root/.ssh/id_rsa
ansible_ssh_port=22
ansible_ssh_user=root

[t3:vars]
ansible_python_interpreter=/usr/bin/python2

[t3]
192.168.11.162
[root@localhost ~]# cat /etc/ansible/site.yml   
- hosts: t3   # group name
  user: root
  roles:
    - nginx   # role

[root@localhost ~]# cat /etc/ansible/group_vars/t3   # t3 is the group name
worker_processes: 4
num_cpus: 4
max_open_file: 65506
worker_connections: 10240
log_format_format: 'json'   # log format type; the default is main
log_format_main: '$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent
"$http_referer" "$request_body" "$http_user_agent" "$http_x_forwarded_for"
cache_status:$upstream_cache_status upstream:$upstream_addr response_time: $request_time
response_time: $request_time host: $host'

log_format_json: '{"client_ip":"$remote_addr","ident":"-","auth":"$remote_user",
"timestamp":"$time_local","request":"$request","response":"$status",
"bytes":"$body_bytes_sent","referer":"$http_referer","request_body":"$request_body",
"user_agent":"$http_user_agent","forwarded":"$http_x_forwarded_for",
"cache_status":"$upstream_cache_status","upstream":"$upstream_addr",
"upstream_status":"$upstream_status","http_host":"$host","ssl_protocol":"$ssl_protocol",
"ssl_cipher":"$ssl_cipher","request_time":"$request_time",
"upstream_response_time":"$upstream_response_time"}'

vhost_domain: ["t1.bet","t2.com","t3.tv"]   # list of domains

upstream_list: [   # list of upstreams
    {
        "name" : "mobile",   # name
        "server_list": [   # list of servers
            {"ip":"10.0.0.1","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":5},
            {"ip":"10.0.0.2","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":15},
            {"ip":"10.0.0.3","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":10},
            {"ip":"10.0.0.4","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":5}
        ]
    },
    {
        "name":"desktop",
        "server_list":[
            {"ip":"10.0.0.4","port" : 3001,"max_fails":2,"fail_timeout":"30s","weight":1},
            {"ip":"10.0.0.3","port" : 3001,"max_fails":2,"fail_timeout":"30s","weight":1},
        ]
    }
]

[root@localhost ~]# cat /etc/ansible/roles/nginx/tasks/main.yml  
- name: nginx is at then latest version   # install nginx
  yum: pkg=nginx state=latest

- name: write the nginx.conf config file  # nginx.conf template file
  template: src=nginx.conf dest=/etc/nginx/nginx.conf
  notify:
  - restart nginx

- name: write the default_proxy_params.conf config file
  template: src=default_proxy_params.conf dest=/etc/nginx/conf.d/default_proxy_params.conf
  notify:
  - restart nginx

- name: write the new.conf config file
  template: src=new.conf dest=/etc/nginx/conf.d/new.conf
  notify:
  - restart nginx

- name: write the static_proxy_params.conf config file
  template: src=static_proxy_params.conf dest=/etc/nginx/conf.d/static_proxy_params.conf
  notify:
  - restart nginx 

- name: write the websocket_proxy_params.conf config file
  template: src=websocket_proxy_params.conf dest=/etc/nginx/conf.d/websocket_proxy_params.conf
  notify:
  - restart nginx 

- name: write the upstream.conf config file
  template: src=upstream.conf dest=/etc/nginx/conf.d/upstream.conf
  notify:
  - restart nginx 

- name: write the vhost.conf config file
  template: src=vhost.conf dest=/etc/nginx/conf.d/vhost.conf
  notify:
  - restart nginx   

- name: write the vhost_ssl.conf config file
  template: src=vhost_ssl.conf dest=/etc/nginx/conf.d/vhost_ssl.conf
  notify:
  - restart nginx 
  
- name: ensure nginx is running 
  service: name=nginx state=started

[root@localhost ~]# cat /etc/ansible/roles/nginx/handlers/main.yml  
- name: restart nginx
  service: name=nginx state=restarted

[root@localhost ~]# cat /etc/ansible/roles/nginx/templates/nginx.conf  
worker_processes  {{ worker_processes }};
pid        /var/run/nginx.pid;
{% if num_cpus == 2 %}
worker_cpu_affinity 01 10;
{% elif num_cpus == 4 %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif num_cpus >=8 %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}

worker_rlimit_nofile {{ max_open_file }};

events {
    use epoll;
    worker_connections  {{ worker_connections }};
    multi_accept on;
}
...
# log format configuration
{% if log_format_format == 'json' %}
  log_format  json  '{{ log_format_json }}';
  {% else %}
  log_format  main  '{{ log_format_main }}';
{% endif %}

[root@localhost ~]# cat /etc/ansible/roles/nginx/templates/vhost.conf
{% for domain in vhost_domain %}
server {
	listen       80 ;
	server_name  {{ domain }};
	rewrite     ^(.*)   https://www.{{ domain }} permanent;
	{% if log_format_format == 'json' %}
		access_log  logs/{{ domain }}.access.log json;
	{% else %}
		access_log  logs/{{ domain }}.access.log main;
	{% endif %}
}
{% endfor %}

[root@localhost ~]# cat /etc/ansible/roles/nginx/templates/vhost_ssl.conf
{% for domain in vhost_domain %}
server {
	listen       443;# HTTPS port
	server_name www.{{ domain }} {{ domain }};
	include /usr/local/nginx/conf.d/new.conf;
	index   index.jsp index.html index.htm;
	{% if log_format_format == 'json' %}
		access_log  logs/{{ domain }}.access.log json;
	{% else %}
		access_log  logs/{{ domain }}.access.log main;
	{% endif %}
		
	if ($http_host = {{ domain }} ) {
	rewrite  ^(.*)$ https://www.{{ domain }}$1      permanent; }
	ssl on;
	ssl_certificate /usr/local/nginx/conf.d/ssl/www.{{ domain }}/www.{{ domain }}.crt;
	ssl_certificate_key /usr/local/nginx/conf.d/ssl/www.{{ domain }}/www.{{ domain }}.key;
}
{% endfor %}

[root@localhost ~]# cat /etc/ansible/roles/nginx/templates/upstream.conf
{% for upstream_name in upstream_list %}
upstream {{ upstream_name.name }} {
  {% for server_name in upstream_name.server_list%}
   server {{ server_name.ip }}:{{ server_name.port }} max_fails={{ server_name.max_fails }}  fail_timeout={{ server_name.fail_timeout }} weight={{ server_name.weight}};
  {% endfor %}
}
{% endfor %}
...
[root@localhost ~]# ansible-playbook /etc/ansible/site.yml
PLAY [t3] ***********************************************************

TASK [Gathering Facts] **********************************************
ok: [192.168.11.162]

TASK [nginx : nginx is at then latest version] **********************
ok: [192.168.11.162]
...
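
The role above interpolates `vhost_domain` and `upstream_list` values straight into nginx directives, so a stray `;` or `}` in group_vars becomes nginx configuration. The following is an added example, not the original author's role: it checks those values first, writes all eight templates in one loop with explicit ownership and mode, and runs `nginx -t` before the restart. The character allowlists (lowercase host names, IPv4 upstreams) and the `test nginx config` handler are assumptions of this example.

```yaml
# Added example, not the original role. roles/nginx/tasks/main.yml:
- name: vhost_domain entries contain only host-name characters
  ansible.builtin.assert:
    that:
      - item is match('^[a-z0-9][a-z0-9.-]*$')
    fail_msg: "refusing to render vhost_domain entry: {{ item }}"
  loop: "{{ vhost_domain }}"

- name: upstream servers are plain IPv4 addresses with numeric options
  ansible.builtin.assert:
    that:
      - item.1.ip is match('^[0-9.]+$')
      - item.1.port | int >= 1
      - item.1.port | int <= 65535
      - item.1.weight | int >= 1
      - item.1.max_fails | string is match('^[0-9]+$')
      - item.1.fail_timeout | string is match('^[0-9]+[smhd]?$')
    fail_msg: "bad server in upstream {{ item.0.name }}"
  loop: "{{ upstream_list | subelements('server_list') }}"

- name: write the nginx config files
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - { src: nginx.conf, dest: /etc/nginx/nginx.conf }
    - { src: default_proxy_params.conf, dest: /etc/nginx/conf.d/default_proxy_params.conf }
    - { src: new.conf, dest: /etc/nginx/conf.d/new.conf }
    - { src: static_proxy_params.conf, dest: /etc/nginx/conf.d/static_proxy_params.conf }
    - { src: websocket_proxy_params.conf, dest: /etc/nginx/conf.d/websocket_proxy_params.conf }
    - { src: upstream.conf, dest: /etc/nginx/conf.d/upstream.conf }
    - { src: vhost.conf, dest: /etc/nginx/conf.d/vhost.conf }
    - { src: vhost_ssl.conf, dest: /etc/nginx/conf.d/vhost_ssl.conf }
  notify:
    - test nginx config
    - restart nginx

# roles/nginx/handlers/main.yml (handlers run in the order defined here)
- name: test nginx config
  ansible.builtin.command: nginx -t
  changed_when: false

- name: restart nginx
  ansible.builtin.service:
    name: nginx
    state: restarted
```

If `nginx -t` fails, the play stops for that host before the restart handler runs, so the running nginx keeps its previous configuration in memory.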
